Hotel EngineRemote
Senior Security Engineer
United States of America
Full Time
2 hours ago
$116,000 - $160,000 USD
H1B Sponsor Likely
Key skills
Programming languagesSIEM managementDockerKubernetesContainer vulnerability managementSASTDASTIASTManual security testingOWASP Top 10Mitre Top 25Secure coding practicesCloud securityCompliance frameworksSOC 2PCIPythonJavaC#CRubyNode.jsCI/CDMentoringCommunicationCollaborationOWASPPenetration TestingCloud Security
About this role
Engine is a rapidly growing company transforming business travel through technology. They are seeking a Senior Security Engineer to oversee the security and integrity of applications and software systems, focusing on vulnerability management, security analysis, and cross-functional collaboration.
Responsibilities:
- Own the configuration, tuning, and management of our SIEM solution
- Diagnose unusual threats through sophisticated analysis and develop the alerts needed to respond to security incidents across multiple layers
- Perform architecture reviews, code reviews, and infrastructure configuration reviews
- Conduct light penetration testing on web and mobile apps, identifying root causes of vulnerabilities and resolving them using creative problem-solving
- Maintain and optimize a vulnerability management CI/CD pipeline within our container/application delivery infrastructure
- Adapt proven methods to align security goals with business objectives, even when guidance is light
- Partner with development and infrastructure teams to enforce secure coding practices and remediation strategies
- Adapt your messaging across teams to reduce misalignment and move security work forward
- Build and maintain the frameworks and tooling for enterprise security, ensuring that security guidelines are clear and actionable for the broader engineering organization
- Play a key role in incident response and forensic investigations
- Weigh context and data thoughtfully to make smart decisions during high-pressure situations
- Stay current on the latest threats and provide direct, clear guidance to development teams
- Help develop security training to empower your peers and improve the team’s overall security posture
Requirements:
- Highly skilled in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js)
- Expertise in managing SIEM solutions with a focus on comprehensive, efficient alerting that reduces 'noise.'
- Strong knowledge of Docker and Kubernetes, with hands-on experience in automated container vulnerability management
- Mastery of SAST, DAST, and IAST tools, with the ability to perform manual validation testing to confirm findings
- Deep knowledge of the OWASP Top 10, Mitre Top 25, and secure coding practices
- Ability to assess complex, ambiguous situations to identify root causes and provide thoughtful input on difficult security topics
- A track record of earning credibility with peers through clear, direct communication and a passion for mentoring others
- Experience working with cloud security concepts and compliance frameworks such as SOC 2 and PCI